1) You should bother with the TimeServer configuration. It doesn’t matter. Same for the client configuration: ntpd or chronyd is fine. But you can’t have both running at the same time.
2) I would stick with the standard way to proceed (define a new pool of time servers).
You can perfectly use the firewall-cmd command. This tutorial is slightly old (written for RHEL 6 and hasn’t been updated for RHEL 7 that favors Firewalld over Iptables).